The Changing Identity of Identity Management

A key element of the move to zero trust is the use of "strong multi-factor authentication (MFA) throughout their enterprise." While identity management has been indicated by many as the "low hanging fruit" of a zero-trust journey, it is by no means easy. In fact, recent guidance from the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) called it "notoriously difficult."

Key challenges to implementing MFA include:

  • Lack of standards - the CISA/NSA guidance pointed to confusion over MFA terminology and vague policy instructions as primary challenges to implementing more secure access. A joint committee of European Union (EU) and U.S. experts addressed this same issue in the Digital Identity Mapping Exercise Report, which aimed to define specific digital identity technical terminology. For example, the group found some definitions, such as "authoritative source" and "authentication factor," are identical between the U.S. and EU, whereas others, like "identity" and "signature," remain only partially matched.
  • Phishing - bad actors do not always hack the system; they hack the process, gaining entry through social-engineering tactics that grow more sophisticated by the day. The CISA/NSA report called on the vendor community to provide MFA services with additional investments and greater defenses against sophisticated attacks.
  • Rise of Generative AI - The Department of Homeland Security (DHS) is working to ensure technologies can determine if a submitted image is legitimate or a hacker's spoof. This "liveness detection" is needed to ensure that a submitted selfie is really a photo of a person, not a mask, photo of a photo, or other technique to try to get past the check.

Continue reading

Understanding the State of State-Level IT

The National Association of State Chief Information Officers (NASCIO) annual member survey aimed to get a picture of what is currently happening in IT implementation at the state level. It focused on how states are funding their IT work and how they are implementing key technologies.

Show Me the Money

The survey found that state CIO offices have a median budget of $132 million, with high levels of federal funding resulting from the Coronavirus Aid, Relief and Economic Security Act, the American Rescue Plan, and the Infrastructure Investment and Jobs Act. But with the level of modernization needed to meet citizen expectations of digital government, that frequently is not enough.

States are increasingly moving to a "chargeback" model where IT funding comes from the business unit where it is used. For example, the Human Resources Department would be responsible for paying for the licenses and development costs of their HR information system, rather than that being seen as an overhead expense funded out of IT. This model allows CIOs to use more of their budget for large-scale IT modernization projects that stretch over many years and impact multiple departments. Continue reading

Innovative Infrastructure

The Bipartisan Infrastructure Deal (also known by the formal title, Infrastructure Investment and Jobs Act), kick-started activity to modernize our nation's critical physical assets and reimagine how we use transportation, utilities, and more with $1.2 trillion in funding. In just the last year, $200 billion has been distributed over 20,000 projects in all 50 states and U.S. territories. That includes starting repairs to more than 69,000 miles of roadway, 500,000 electric vehicle charging stations, 3,700 bridge repair and replacement projects, and fielding of 5,000 clean transit school buses. Money continues to be made available through grants to improve legacy infrastructure and introduce new technologies to improve how the nation uses infrastructure.

Everything Old is New Again

Rail travel is receiving heavy investment due to increased usage and demand. Virginia and North Carolina have seen record-high ridership in the last year and those states are now looking for ways to increase the number and frequency of passenger travel. Virginia is looking to purchase right of way from freight railroads, so it can install passenger-only tracks at key chokepoints. Tennessee is also looking to increase rail options in the state pulling together potential ridership numbers to advocate for federal investment in new rail lines to serve the state and surrounding metropolitan areas. Continue reading

Ensuring Equity in Disaster Response

Equity is highlighted in priority two of the President's Management Agenda (PMA), Delivering Excellent, Equitable, and Secure Federal Services and Customer Experience, and is a theme throughout all PMA priorities. Disaster response is possibly the most critical place to ensure equity. While a disaster does level the playing field in some ways-no matter how much money you have it won't stop a tornado from hitting your house-the recovery from disasters is not as fairly distributed.

A 2021 report from the Government Accountability Office (GAO) found that disaster response is "uneven" across the country. The research found that small towns, rural and tribal areas, and underserved and disadvantaged communities have a hard time accessing federal disaster recovery assistance programs. Those that did access funds had difficulty achieving a full recovery with structures still damaged years later. A key to solving this gap? Data. Continue reading

Looking Past the Cloud and Into Space

While the focus of government modernization has been transitioning government into the Cloud, NASA and Space Force have their sights set even further. Both organizations are focused on bringing "new knowledge and opportunities back to Earth."

.

.

Show Me the Data!

Data is critical to that mission. Using data, NASA leaders have set a goal to accelerate the time it takes to release innovations to the market by 25%. This data use challenge is common across government, and becomes even more complex when you have to get data from where it is to where it's needed and that movement involves data coming from space.

Being a new agency, Space Force is able to implement many digital born systems, but working with legacy data and systems is a constant challenge that requires innovative thinking. Critical to this is understanding a technology's application to a specific mission and effectively communicating its impact to leaders to help reduce barriers to changing "how it's always been done."

Continue reading